Have you ever thought how the global economy and geopolitics influence cybersecurity and cybercrime? Some people may think these are two completely different domains, however they are strongly and permanently related.

An interesting example came up during our recent security awareness project at a large, Central European financial institution. The institution was concerned about a significant increase in hacking attempts that involved social engineering and spear phishing campaigns.

The security awareness training for all of the employees was validated with a social engineering attack against all employees to check if they had learned any lessons. Only a few people from the board were aware of this test. The attack scenario was quite simple: a local lottery announced that the employee has won a big sum of money. The results were pretty much common for the European financial industry, besides one curious outcome in the analytical report: 87% of newly-hired employees, including experienced seniors and even a member of the IT security team, clicked on the link in a phishing email. Among “old-school” employees, who were hired a long time ago, and had worked in the financial institution for many years, the click-rate was only 11%.